/* eslint-disable no-console */
import { generateKeyPairSync } from 'node:crypto'

function toEnvEscaped(pem) {
  // JSON.stringify 会对 \n 和 引号做转义，去掉首尾引号即可作为 .env 值
  return JSON.stringify(pem).slice(1, -1)
}

const { publicKey, privateKey } = generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
})

console.log('=== PUBLIC KEY (PEM) ===\n' + publicKey)
console.log('=== PRIVATE KEY (PEM) ===\n' + privateKey)
console.log('ENV_PUBLIC_ESCAPED=' + toEnvEscaped(publicKey))
console.log('\nTips: keep PRIVATE KEY safe on backend only; do NOT commit it to VCS.')
